How did Swyftx stop these 40 user accounts from being hacked?

Find out how we potentially stop hackers from walking through the door to your account and what you should do about it.

Swyftx & Auth0

Swyftx takes account security seriously. We’ve partnered with Auth0 a leading cloud platform account security provider to bring to you the best level of password and account security as possible. Your authentication details are maintained by the security professionals and never kept in any of the Swyftx internal systems.

Breached Password Detection

When you signup for Swyftx, we ask Auth0 to check if the credentials you’ve requested to be set for the account are secure. Auth0 maintains a database of user accounts that have been compromised from hacks from other software providers. This database includes billions of email/password combinations and highlights the importance of never using the same password. This month we’ve seen 24 accounts attempt to signup for Swyftx with details that are known to hackers. If we’d allowed the registration, anyone with malicious intent could simply come along and gain full access to the account! We’ll also touch on 2FA later and how this helps.

Breached Password Protection

Not only do we check the integrity of your credentials when you register, but we’ll also proactively scan for accounts where data breaches from other services providers have included your details. If they do, we instantly and automatically disable logins for the account and notify you to change your password, how’s that for fast thinking 🙂 We saw 16 accounts protected by this security measure in the last 2 weeks.

Password Dictionary Lookup

Further to the above breached password checks, we’ll also run your password through the basic checks for complexity and check to see if it might be easy to guess. It might surprise you to know that people are still using passwords like “123456” and “qwerty” and “password” as the most commonly used passwords! There will be none of that where we come from.

Multi-factor Authentication (2FA)

Multi-factor authentication is your last line of defence when it comes to breached accounts. The principal is that in order to login you need 2 things, something you know (password) and something you have (2FA device). Once you’ve logged in to Swyftx you’ll also be required to enter a code sent to your SMS or kept in your Google Authenticator. This is mandatory for all accounts (post beta) and will be required to also confirm withdrawals, account detail changes, and certain high volume trades. It’s important that you always double check you are logging into the Secured Swyftx Website

STOP USING THE SAME PASSWORD

So what are we trying to say here? Well quite simply, start mixing up your passwords, use 2FA and don’t get phished. We can only do so much to help you, but please try to help yourself. Use a password management solution like LastPass and feel free to get in touch via our live chat if you have any concerns or questions.